Intelligent Application Gateway (IAG) 2007 Service Pack 1, Update 2 release notes

Applies To: Intelligent Application Gateway (IAG)

These release notes provide information and describe issues related to Hotfix for Whale Communications Intelligent Application Gateway (IAG) 2007 – update 2 for improved SharePoint publishing, including the following:

  • Adjusting HTTP request smuggling protection definitions

  • Known issues

Adjusting HTTP request smuggling protection definitions

IAG smuggling protection protects applications against HTTP request smuggling (HRS) attacks by blocking POST requests that don't meet the conditions that are set in IAG, including content type and HTTP body size. In some cases, you need to change the default body size that is defined in IAG. For example, for some Web parts in a SharePoint site, the request size is larger than the default size in IAG. In this case, the warning message "HTTP Request Smuggling (HRS) Attempt" appears in the Web Monitor.

To adjust HRS protection definitions

  1. On the desktop of IAG, click Start, point to All Programs, point to Whale Communications IAG, and then click Configuration.

  2. If a password is required, enter it, and then click OK.

  3. In the Configuration console, in the Applications area, select and double-click the application whose properties you wish to adjust, and then on the Application Properties dialog box click the Web Server Security tab. In the Max HTTP Body Size box, enter a value equal to or larger than the size of the request.

  4. In the Configuration console, click the Activate configuration icon.

    If the size of a request is equal to or smaller than the size you defined here, the request is not blocked.

Known issues

You can not publish the Microsoft Office SharePoint Server 2007 application and an application that resides on the IAG server via the same trunk. For example, in order to publish both the Office SharePoint Server 2007 application and the IAG Web Monitor, publish each application on a different portal.